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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including tine fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
07/07/2009 has been entered. 

EXAMINER'S AMENDMENT 

2. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Hary Smith at (203) 925-9400 on 09/17/2009 and 09/23/2009. 
The examiner amendment as follow: 
Claims 5, 8 and 21 are cancelled. 
Claim 1. A method comprising: 

establishing a secure tunnel between a security gateway in an second network 
and a mobile terminal located at a first address in a first network, wherein the first 
network is a public packet network and the second network is a private packet network 
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and the security gateway connects tlie first networl^ to a second network and the mobile 
terminal has a second address that identifies the mobile terminal in the second network; 

in the security gateway, identifying the secure tunnel based on the second 
address in packets destined for the mobile terminal from the second network 

detecting a change In the first address of the mobile terminal; 

In response to the detecting step, sending an update message to the security 
gateway, wherein the update message includes a new address value of the first 
address; and wherein the update message also includes data to be transmitted to the 
security gateway; and 

based on the update message, updating the first address associated with the 
secure tunnel; wherein sending comprising creating an update message includes a 
network address translation discovery pavload configured to detect a network address 
translation device between the mobile terminal and the security gateway. 

Claim 6. An apparatus, comprising: 

tunnel establishment means for establishing a secure tunnel to a security 
gateway through a packet network; wherein the security gateway Is configured to 
connect a first network to a second network, the first network being a public packet 
network and the second network being a private packet network, the security gateway Is 
in the second network and the mobile terminal has a first address that depends on its 
current location in the first network and a second address that identifies the mobile 
terminal in the second network; and 
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address update means for sending an update message tlirougli said secure 
tunnel to the security gateway when the first address changes, wherein the update 
message includes a new address value of the first address, and wherein the update 
message also includes data to be transmitted to the security gateway; wherein said 
address update means comprises means for creating an update messages including a 
network address translation discovery pavload configured to detect a network address 
translation device between the mobile terminal and the security gateway. 

Claim 9. An apparatus, comprising: 

tunnel establishment means for establishing a secure tunnel to a mobile terminal 
located at a first address in a first network, wherein the security gateway is in a second 
network and configured to connect the first network to a second network, the first 
network being a public packet network and the second network being a private packet 
network, and the mobile terminal has a second address that identifies the mobile 
terminal in the second network; 

identification means for identifying the secure tunnel based on the second 
address in a packet originated from the second network and destined for the mobile 
terminal; and 

address update means for updating the first address associated with the secure 
tunnel, the address update means being responsive to a message received from the 
mobile terminal, the message including a new value of the first address; wherein said 
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address update means comprises means for creating an update messages including a 
network address translation discovery payload configured to detect a networl< address 
translation device between the mobile terminal and the security gateway. 

Claim 10. A system, comprising: 

tunnel establishment means for establishing a secure tunnel between a security 
gateway in a second networl< and a mobile terminal located at a first address in a first 
networl<, wherein the first network is a public packet network and the second network is 
a private packet network, the security gateway is configured to connect the first network 
to a second network, and the mobile terminal has a second address that identifies the 
mobile terminal in the second network; 

detection means for detecting a change in the first address; 

first address update means, responsive to the detection means, for sending an 
update message to the security gateway, wherein the update message includes a new 
address value of the first address, and wherein the update message also includes data 
to be transmitted to the security gateway; 

in the security gateway, second address update means for updating the first 
address associated with the secure tunnel in response to the update message; and 

in the security gateway, identification means for identifying the secure tunnel 
based on the second address in a packet originated from the second network and 
destined for the mobile terminal; and 
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update messages creating means for including a network address translation 
discovery payload configured to detect a network address translation device between 
the mobile terminal and the security gateway. 

Claim 11. A computer useable storage medium having computer readable 
program code embodied therein to enable a mobile terminal to communicate with a 
security gateway in a packet-based communication system, the computer readable 
program code comprising: 

computer readable program code configured to cause the mobile terminal to 
establish a secure tunnel to a security gateway through a packet network; wherein the 
security gateway is configured to connect a first network to a second network, the first 
network being a public packet network and the second network being a private packet 
network, the security gateway is in the second network and the mobile terminal has a 
first address that depends on its current location in the first network and a second 
address that identifies the mobile terminal in the second network; and 

computer readable program code configured to cause the mobile terminal to 
send an update message through said secure tunnel to the security gateway when the 
first address changes, wherein the update message includes a new address value of 
the address, and wherein the update message also includes data to be transmitted to 
the security gateway; 
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further comprising creating an update message including a network address 
translation discovery payload configured to detect a network address translation device 
between the mobile terminal and the security gateway. 

Claim 12. A computer useable medium having computer readable program code 
embodied therein to enable a mobile terminal located at a first address in a first network 
to communicate with a security gateway in a packet-based communication system, the 
security gateway being in a second network and configured to connect a first network to 
a second network, the first network being a public packet network and the second 
network being a private packet network, and the computer readable program code 
comprising: 

computer readable program code configured to cause the mobile terminal to 
send an update message through a secure tunnel to the security gateway when a first 
address that depends on the mobile terminal's current location in the first network 
changes, wherein the update message includes a new address value of the first 
address, and wherein the update message also includes data to be transmitted to the 
security gateway: further comprising creating an update message including a network 
address translation discovery payload configured to detect a network address 
translation device between the mobile terminal and the security gateway. 
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Claim 13. A method, comprising: 

establishing a secure tunnel from a first network to a security gateway in a 
second network through a packet network; wherein the security gateway is configured 
to connect a first network to a second network, the first network is a public packet 
network and the second network is a private packet network, and the mobile terminal 
has a first address that depends on its current location in the first network and a second 
address that identifies the mobile terminal in the second network; and 

sending an update message through said secure tunnel to the security gateway 
when the first address changes, wherein the update message includes a new address 
value of the first address, and wherein the update message also includes data to be 
transmitted to the security gateway; wherein sending comprising creating an update 
message including a network address translation discovery pavload configured to detect 
a network address translation device between the mobile terminal and the security 
gateway. 

Claim 14. A method, comprising: 

establishing a secure tunnel from a second network to a mobile terminal located 
at a first address in a first network, wherein the security gateway is configured to 
connect the first network to a second network, the first network is a public packet 
network and the second network is a private packet network, and the mobile terminal 
has a second address that identifies the mobile terminal in the second network; 
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identifying the secure tunnel based on the second address in a packet originated 
from the second network and destined for the mobile terminal; and 

updating the first address associated with the secure tunnel, in response to a 
message received from the mobile terminal, the message including a new value of the 
first address; 

further comprising creating an update message including a network address 
translation discovery pavload configured to detect a network address translation device 
between the mobile terminal and the security gateway. 

Claim 15. An apparatus, comprising: 

a control unit, configured to a memory unit including computer program code, 
the memory unit and the computer program code configured to, with the control 
unit, cause the apparatus at least to, establish a secure tunnel from a first network to a 
security gateway in a second network through a packet network, wherein the security 
gateway is configured to connect a first network to a second network, the first network is 
a public packet network and the second network is a private packet network, and a 
mobile terminal has a first address that depends on its current location in the first 
network and a second address that identifies the mobile terminal in the second 
network, and send an update message through said secure tunnel to the security 
gateway when the first address changes, wherein the update message includes a new 
address value of the first address, and wherein the update message also includes 
data to be transmitted to the security gatewa y; wherein the control unit is further 
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configured to create an update message including a network address translation 
discovery payload configured to detect a network address translation device between 
the mobile terminal and the security gateway. 

Claim 16. An apparatus, comprising: 

a control unit, configured to a memory unit including computer program code, 

the memory unit and the computer program code configured to, with the control 
unit, cause the apparatus at least to, 

establish a secure tunnel from a first network to a security gateway in a 
second network through a packet network, wherein the security gateway is 
configured to connect a first network to a second network, the first network is a 
public packet network and the second network is a private packet network, and the 
mobile terminal has a first address that depends on its current location in the first 
network and a second address that identifies the mobile terminal in the second 
network, 

identify the secure tunnel based on the second address in a packet 
originated from the second network and destined for the mobile terminal, and 

update the first address associated with the secure tunnel, being responsive 
to a message received from the mobile terminal, the message including a new value of 
the first address; and creating an update messages including a NAT-D oavload 
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configured to detect a network address translation device between the mobile terminal 
and the security gateway. 

Claim 17. The apparatus of claim 16, further comprising a stored table mapping 
the second address with the secure tunnel, and wherein the control unit is further 
configured to use the table to identify the secure tunnel. 

Allowable Subject Matter 

3. The following is an examiner's statement of reasons for allowance: 

4. Claims 1 , 3, 4, 6, 7, 9, 1 0-1 6, 1 7, 1 8 and 1 9-20 and 22 are allowable according to 
applicant's remarks filed on 07/07/2009 and further based on the examiner's 
amendment of 09/1 7/2009. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KIET DOAN whose telephone number is (571 )272-7863. 
The examiner can normally be reached on Sam - 5pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Charles Appiah can be reached on 571-272-7904. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kiet Doan/ 
Examiner, Art Unit 2617 

/Charles N. Appiah/ 

Supervisory Patent Examiner, Art Unit 2617 



